Inside Security (Feb 6th, 2018)

David’s Take

As many readers of this newsletter know, we produce a special premium-only edition every Thursday for subscribers. This week Incapsula is picking up the tab so that all of you can read it; watch your inboxes then for this edition.

In our top story, we dive deeper into the Strava/Fitbit data leaking controversy, citing a few different researchers who have been working for several years and warning about the consequences of wearables that aren’t very secure.

Stories at the end of January claimed that mobile app Strava produced fitness heatmaps that revealed the location of users who lived on military bases. Now Henrik Lied, a Norwegian journalist, has fooled Strava into showing the names of some of the soldiers and other personnel on those bases. By exploiting a Strava feature known as “Flyby,” he could find other Strava users who are training nearby. It took some effort to generate digital geolocation routes and some Python scripting magic, but he was able to find 18 people from various locations around the world.

DFLabs, which sells security automation and orchestration tools, announced it has increased its total funding to $9M with new money from existing investor Evolution Equity Partners. The company is based in Boston and Milan; its CEO is Dario Forte.

Owl has closed an $18M Series A funding round, with Defy as the lead investor. The Palo Alto-based company makes broadband security webcams for cars and has Andy Hodge as its CEO.

New Knowledge closed a $1.9M seed funding round, with Moonshots Capital as its lead. The Austin-based vendor of AI anti-disinformation analysis has Jonathon Morgan as its CEO.

BigID closed a $14M Series A round with ClearSky Security as the lead. The NYC-based vendor of identity and big-data analysis has Dimitri Sirota as its CEO.

BehavioSec closed a $17.5M Series B funding round with Trident Capital as its lead. The Stockholm-based company makes passive behavioral biometrics tools. Its CEO is Neil Costigan.

Attacks and vulnerabilities

Here is a clever phishing campaign designed around this week's Korean Olympics. An email that seems to be from the Korean National Counter-Terrorism Center contained a malicious Word document attachment. This blog post analyzes how it does its dirty work, including hidden VB and PowerShell scripts. – SECURING TOMORROW (McAfee)

The Grammarly Chrome extension is used by about 22M people to check their spelling and grammar when using web forms. A researcher found that it exposes authentication tokens, thereby enabling any website to gain access to documents, history, logs, and all other user data. Grammarly issued an automatic update yesterday to fix the issue. – CHROMIUM BLOG

A new botnet has been targeting IoT devices, using tactics borrowed from existing malware to perform remote code execution through three individual SOAP posts. Unlike other IoT botnets, this one uses remote servers to scan the endpoints and perform the actual exploits. – RADWARE BLOG

A researcher at Fidelis Cybersecurity devised a new technique that abuses X.509 digital certificates to establish a covert data exchange channel. Jason Reaves demonstrated the technique at a BSides conference last summer; he has now published the details and proof-of-concept code, which uses little-known descriptor fields for the data exchange. To prevent this abuse, he suggests blocking self-signed certificates such as the ones used in the PoC and checking certificates for embedded executables. – SECURITY AFFAIRS

Report

As phishing has evolved and moved increasingly towards mobile, phishers have also looked beyond email to distribute phishing links. Here is how a phishing landing page can be used to bypass 2FA. – WANDERA

Just for fun

Act now, and you can buy into the latest cryptocurrency called "PonziCoin." And yes, it does have Equifax-grade security, at least according to the FAQ. – PONZICOIN